2 LANs in SERVER + 2 xDSL (pppOe) accounts. MASQUERADE both lans!

But I will explain it again.
 
I have RED HAT 9 with 4 eths
And:
Two PPPoE connections (2 xDSL accounts, each one with its own eth) & two LANs (2 more eths).
I want to masquerade LAN1 (eth0) to use ppp0
and masquerade LAN2 (eth2) to use ppp1.
 
So it is this: HOW to route 1 ppp to 1 LAN and the other ppp connection to LAN 2
LAN1 is 192.168.0.0 ---> to 192.168.0.1 (eth0)
LAN2 is 192.168.1.0 ---> to 192.168.1.1 (eth2)

 
I created both ppp xDSL accounts with adsl-setup
(when creating the ifcfg-ppp0 and ifcfg-ppp1 files, the setup automatically gave both accounts the same PID FILE, so ONLY one can be enabled at a given time).
I changed the ifcfg-ppp1 PID FILE name and now I can enable BOTH AT THE SAME TIME. BUT IS THIS CORRECT?
 
When I do route -n I get this:
 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.96.240  0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.96.240  0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth3
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth3
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth3
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.96.240  0.0.0.0         UG    0      0        0 ppp0
Only ppp0 is the default gateway.
 
But well.
Tell me if configuring manually (changing the pid file name in the ppp1 script) is correct.
 
Then: I used the graffix quicktables script to create the rc.firewall (iptables script).
 
The script was this:
 
 
------------------------------------------------------------------
#!/bin/sh
# rc.firewall as generated by quicktables (only LAN1/ppp0 is handled here)

# path to iptables
iptables="/sbin/iptables"

# kernel settings: SYN cookies and IP forwarding
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 > /proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi

# DEFAULT
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT ACCEPT

# NAT (note: only LAN1 on eth0 is accepted and masqueraded, and only out ppp0;
# there is no FORWARD or POSTROUTING rule for eth2/ppp1)
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP
$iptables -A FORWARD -i eth0 -j ACCEPT
$iptables -A INPUT -i eth0 -j ACCEPT
$iptables -A OUTPUT -o eth0 -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE

# allow all packets on the loopback interface
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT

# allow established and related packets back in (again only on ppp0)
$iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# icmp
$iptables -A OUTPUT -p icmp -m state --state NEW -j ACCEPT
$iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -i ppp0 -j ACCEPT

# open ports to the firewall
$iptables -A INPUT -p tcp --dport 21 -j ACCEPT
$iptables -A INPUT -p tcp --dport 80 -j ACCEPT
$iptables -A INPUT -p tcp --dport 25 -j ACCEPT
$iptables -A INPUT -p tcp --dport 23 -j ACCEPT
$iptables -A INPUT -p tcp --dport 100 -j ACCEPT
$iptables -A INPUT -p tcp --dport 110 -j ACCEPT
$iptables -A INPUT -p tcp --dport 81 -j ACCEPT
$iptables -A INPUT -p tcp --dport 27015 -j ACCEPT
$iptables -A INPUT -p tcp --dport 27016 -j ACCEPT
$iptables -A INPUT -p udp --dport 53 -j ACCEPT
$iptables -A INPUT -p udp --dport 514 -j ACCEPT

# drop all other packets arriving on ppp0
$iptables -A INPUT -i ppp0 -p tcp --dport 0:65535 -j DROP
$iptables -A INPUT -i ppp0 -p udp --dport 0:65535 -j DROP
----------------------------------------------------------------------------------
 
Then, to do what I want (masquerade both LANs so that LAN1 uses ppp0 and LAN2 uses ppp1), I patched and recompiled the kernel with the ROUTE patch of Cédric de Launois.
 
 
Well, after compiling the kernel and testing that the ROUTE patch was OK, I modified the rc.firewall script BUT it didn't function (maybe I wrote a wrong rc.firewall script manually).
The second LAN (eth2) ---> ppp1 doesn't reach the internet.
 
So, what should I do?
 
:)
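The setup asked about above (LAN1 on eth0 out through ppp0, LAN2 on eth2 out through ppp1, both masqueraded) can be done with the stock kernel's policy routing (ip rule / ip route from iproute2, which Red Hat 9 ships) rather than the ROUTE patch. The script below is an added example, not the poster's rc.firewall and not the quicktables output. It reuses the addresses and interface names from the post; the routing table numbers 10 and 20, the rule priorities 100 and 101, and the use of sysctl are choices made here, and the script does not touch the ifcfg-ppp1 pid-file question. The two MASQUERADE rules and the per-LAN FORWARD rules are what the posted script is missing for eth2/ppp1.

```sh
#!/bin/sh
# Added example (not the poster's script): two LANs, each masqueraded out its
# own PPPoE link, using iproute2 policy routing instead of the ROUTE patch.
#   LAN1 192.168.0.0/24 on eth0 -> ppp0  (routing table 10, rule priority 100)
#   LAN2 192.168.1.0/24 on eth2 -> ppp1  (routing table 20, rule priority 101)
# Every command goes through run(), so "sh rc.firewall show" prints what would
# be executed and "sh rc.firewall apply" applies it (as root).

RUN="${RUN:-}"                 # prefix for every command; empty = execute it
IPT="${IPT:-/sbin/iptables}"
IP="${IP:-/sbin/ip}"

LAN1_NET=192.168.0.0/24; LAN1_IF=eth0; WAN1_IF=ppp0; TABLE1=10
LAN2_NET=192.168.1.0/24; LAN2_IF=eth2; WAN2_IF=ppp1; TABLE2=20

run() { $RUN "$@"; }

# Give one LAN its own routing table whose default route is its ppp link.
# ppp links are point-to-point, so "default dev pppN" needs no gateway address
# (the peer address is assigned dynamically anyway). Both LAN prefixes are
# copied into the table so LAN-to-LAN packets are routed locally instead of
# towards the ISP; whether they are forwarded is decided by the FORWARD chain.
add_lan_table() {
    net=$1; wan=$2; table=$3; prio=$4
    run "$IP" route replace "$LAN1_NET" dev "$LAN1_IF" table "$table"
    run "$IP" route replace "$LAN2_NET" dev "$LAN2_IF" table "$table"
    run "$IP" route replace default dev "$wan" table "$table"
    run "$IP" rule add from "$net" lookup "$table" priority "$prio"
}

setup_routing() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.tcp_syncookies=1
    # Strict reverse-path filtering checks replies against the main table, whose
    # default route is only ppp0, so replies coming back on ppp1 would be
    # dropped; relax it on both ppp links.
    run sysctl -w "net.ipv4.conf.$WAN1_IF.rp_filter=0"
    run sysctl -w "net.ipv4.conf.$WAN2_IF.rp_filter=0"
    add_lan_table "$LAN1_NET" "$WAN1_IF" "$TABLE1" 100
    add_lan_table "$LAN2_NET" "$WAN2_IF" "$TABLE2" 101
}

setup_firewall() {
    run "$IPT" -F INPUT;  run "$IPT" -F FORWARD;  run "$IPT" -F OUTPUT
    run "$IPT" -t nat -F
    run "$IPT" -P INPUT DROP;  run "$IPT" -P FORWARD DROP;  run "$IPT" -P OUTPUT ACCEPT

    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A INPUT -i "$LAN1_IF" -s "$LAN1_NET" -j ACCEPT
    run "$IPT" -A INPUT -i "$LAN2_IF" -s "$LAN2_NET" -j ACCEPT

    # Forward each LAN only towards its own link. Matching on both the input
    # interface and the source prefix keeps a LAN2 host from leaving via ppp0
    # (and vice versa) if a routing table is ever missing.
    run "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A FORWARD -i "$LAN1_IF" -s "$LAN1_NET" -o "$WAN1_IF" -j ACCEPT
    run "$IPT" -A FORWARD -i "$LAN2_IF" -s "$LAN2_NET" -o "$WAN2_IF" -j ACCEPT

    # One MASQUERADE rule per link; the posted script only had the ppp0 one.
    run "$IPT" -t nat -A POSTROUTING -s "$LAN1_NET" -o "$WAN1_IF" -j MASQUERADE
    run "$IPT" -t nat -A POSTROUTING -s "$LAN2_NET" -o "$WAN2_IF" -j MASQUERADE
}

setup_all() { setup_routing; setup_firewall; }

case "${1:-}" in
    apply) setup_all ;;
    show)  RUN=echo; setup_all ;;
esac
```

Run it with "show" first and check that the printed ip rule / ip route lines name the right table for each LAN; afterwards "ip rule show" and "ip route show table 20" on the box should list the LAN2 rule and the ppp1 default route, and a host on 192.168.1.0/24 should appear on the internet with the ppp1 address.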
